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5) D Claim(s) is/are allowed. 
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Application Papers 
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DETAILED ACTION 



1. This action is responsive to communications: application, filed 2/6/2002; 
amendment filed 1/13/2006. 

2. Claims 1-21 are pending in the case. Claims 22-32 are cancelled. Claim 1 is the 
only independent claim. 

Information Disclosure Statement PTO-1449 

The Information Disclosure Statements submitted by applicant on 12/20/2005, has been 
considered. Please see attached PTO-1449. 



Response to Arguments 

3. Applicant's arguments filed 1/13/2006 have been fully considered but are not 
persuasive. 

3.1. Applicant has amended claim number 1 to include "a security protocol 
independent security policy language". Applicant believes that the amendment puts 
claim 1 in the condition of allowability, and therefore all dependent claims are allowable 
as well. Applicant argues that Rothermel does not teach or suggest using a security 
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protocol independent security policy language to create such policy. Applicant argues 
that Rothermel discloses a system in which the security policy must use the existing 
security protocols utilized by network security devices and cannot provide 
interoperability or support multiple cryptographic technologies. 

However, Rothermel does disclose a security protocol independent security policy 
language. Rothermel's security policy template (Fig. 1 item 113, and column 7 line 3 to 
7) is independent of the specific security devices and protocols. Applicant's figures 6 
and 7 and associated text indicate that the protocol independent policy is configured 
according to the specifics of the security component, before it is sent to the security 
component for execution. In the same way, Rothermel creates a security policy 
template (column 7 line 3 to 57) and combine that with the specific attributes of the 
protocols running in NSDs (column 10 line 47 to 65) to create a security policy. The 
security policy is compatible with NSD, but the template is independent of the protocols. 
In addition, according to Fig. 3C, the Security Policy Manager Device (Fig. 2 item 110) 
allows creation of templates configured for multiple different protocols. This shows 
Rothermel's policy language must be independent from all protocols, so it could be 
•configured (at later stages) according to different protocol specifics. 

Referring to paragraphs 6 and 43, the applicant argues that a protocol independent 
security policy supports multiple cryptographic protocols and interoperability. 
Rothermel's system also supports interoperability and multiple protocols. Column 13 
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line 30 to column 14 line 13 disclose Rothermel system's interoperability with multiple 
OS's, application software and protocols, which makes it more evident that the security 
language is not dependent on any specific device or protocol. 

Therefore, Rothermel discloses a security protocol independent security policy, and 
claim 1 is rejected under 35 USC 102(b). All claims dependent on claim 1 are also 
rejected. 



Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1, 2, 3, and 5 to 19 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Rothermel (U.S. Patent No. 6678827). 

5.1. As per claim 1, Rothermel is directed to a distributed security system (Fig. 1 and 
column 4 line 63 to column 5 line 13) comprising: 

a security policy written in a security protocol independent (column 7 line 3 to 57 
disclose that the Security Policy Manager Device allows a user to create a 
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security template independent of security protocols running in NSDs. The 
template will be configured based on NSD protocols to create a security policy 
compatible with NSD, once the template is loaded on NSDs. Therefore the 
security policy language used at the Security Policy Manager Device must be 
independent of the security protocols of NSDs) policy language (column 4line 65 
to column 5 line 3) and 

a least one computer device that process the data in accordance with security 
policy (Fig 2 and column 8 line 49 to 65). 

5.2. As per claim 2, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy identifies the components of the security system (column 5 
line 14 to 25). 

5.3. As per claim 3, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy identifies the access rights of the security system (column 1 1 
line 18 to 45). 

5.4. As per claim 5, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy is configurable (column 7 line 25 to 37). 
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5.5. As per claim 6, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy language comprises at least some logic based components. 
As shown in Fig. 3G and column 1 1 line 45 to 60, the security policy creation 
template allows the manager to select network security information using radio 
buttons. Radio buttons corresponds to XOR logic. Therefore, the Examiner 
asserts that Rothermel policy templates include logic-based components. 

5.6. As per claim 7, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy language comprises at least some rule-based components. 
As shown in Fig. 3D-F and column 1 1 line 9 to 45, the security policy creation 
template allows the manager to set the access rules for ping services. Therefore, 
the Examiner asserts that Rothermel policy templates include ruled-based 
components. 

5.7. As per claim 8, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy language comprises procedural components. As shown in 
Fig. 3B and column 10 line 24 to 45, a security policy is created based on a 
procedure of using the policy template and completion of the policy by including 
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network topology attributes. Therefore, the Examiner asserts that Rothermel 
policy templates include procedural components. 

5.8. As per claim 9, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the computer device is configured with computer-executable instructions to: 
receive from the first entity a message formatted in a first protocol and transmit to 
second entity the message formatted in the second protocol that is different from 
the first protocol (Fig. 6 and column 13 line 30 to 67, and Fig 6 column 13 line 30 
to column 14 line 50) 

5.9. As per claim 10, Rothermel is directed to the distributed security system of claim 
9, wherein: 

the computer device is configured with computer-executable instructions to: 
receive from the first entity a message transported with a first transport; and 
. transmit to second entity the message formatted in the second transport that is 
different from the first transport (column 16 line 48 to 62, and Fig 6 column 13 
line 30 to column 14 line 50) 



5.10. 



As per claim 11 Rothermel is directed to the distributed security system of claim 
1, wherein: 
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the security policy is implemented in at least one application programming 
interface (column 13 line 42 to 67). 

5.11. As per claim 12 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security language includes programming language constructs (column 13 line 
42 to 60). 

5.12. As per claim 13 Rothermel is directed to the distributed security system of claim 
1 , wherein: 

the security policy includes an identify service (Fig. 6 item 640 and column 13 
line 45 to 50). 

5.13. As per claim 14, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy includes an admission service (Fig. 6 item 630, the firewall will 
block or admit packets) 

5.14. As per claim 15 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy includes a permission service (Fig. 3d and column 1 1 line 9 to 
15). 
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5.15. As per claim 16 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy includes a revocation service. As indicated jn Fig. 3F, the 
security policy can be configured to allow or disallow a user to access a certain 
service, such as Ping. Changing the policy to disallow a user to continue 
accessing a service is analogous to revocation of a right, and therefore works as 
a revocation service. 

5.16. As per claim 17 Rothermel is directed "to the distributed security system of claim 
1 , wherein: 

the security policy includes a mapping of entities to rights. As described in Fig. 
3B and column 10 line 27 to 65, the policy is created based on security template 
and attributes of each entity. One of the attributes of each entity is its rights. 
Therefore, a policy is created based on the rights of each entity. This discloses 
the feature. 

5.17. As per claim 18, Rothermel is directed to the distributed security system of claim 
17, wherein: 

the security policy further includes a mapping of entities to capabilities, As 
described in Fig. 3B and column 10 line 27 to 65, the policy is created based on 
security template and attributes of each entity. One of the attributes of each entity 
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is its capabilities. Therefore, a policy is created based on the capabilities of each 
entity. This discloses the feature. 

5.18 As per claim 19, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy is configured to invoke external computer-readable 
instructions (Fig. 6 and column 13 line 30 to 50). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 4, 20 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rothermel as applied to claim 1 above, and further in view of Saulpaugh (U.S. 
Patent No. 6850979). 

7.1 As per claim 4, Rothermel is directed to the distributed security system of 
claim 1 , however, it does not include the specific limitation of security policy 
language comprises the extensible markup language. Saulpaugh teaches a 
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method for creating message gates, useful for controlling the level of security 
* access the client has to the services (column 7 line 36 to 55). Saulpaugh 
introduces the benefits of using extensible markup language (XML) to create 
messages gates (column 7 line 19 to 36, column 15 line 62 to column 16 line 35). 

Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed 
network elements and devices. 

At the time of invention, it would have been obvious to a skilled person in the art 
to improve the way that Rothermel distributes security policies between the 
security manager and the security devices (which in essence, is exchanging a 
message) using XML comprised message gates as directed by Saulpaugh. 

The motivation to do so would have been to improve the security of policy 
exchange between the security policy manager and network security devices 
using a standard message exchange language that is interoperable among 
multiple platforms. 

Therefore, it would have been obvious to use XML to create and exchange 
security policies. 
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7.2. As per claim 20, Rothermel is directed to the distributed security system of claim 
19, however, it does not include the specific limitation of external computer 
readable instructions comprise native process code. Saulpaugh teaches a 
method for creating message gates, useful for invoking programs in computer 
native language (column 14 line 29 to 42). 

Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed network 
elements and devices. 

At the time of invention, it would have been obvious to a skilled person in the art 
to improve the distributed security system of Rothermel to be capable of invoking 
programs in computer native language, as described by Saulpaugh. 

The motivation to do so would have been to extend the system's range of 
interoperability to include systems working with machine native language. 

7.3. As per claim 21 , Rothermel is directed to the distributed security system of claim 
19, however, it does not include the specific limitation of external computer 
readable instructions comprise Java code. Saulpaugh teaches a method for 
creating message gates, useful for invoking programs in Java code (column 14 
line 29 to 42). 
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Rothermel and Salilpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed network 
elements and devices. 

At the time of invention, it would have been obvious to a skilled person in the art 
to improve the distributed security system of Rothermel to be capable of invoking 
programs in Java code, as described by Saulpaugh. 

The motivation to do so would have been to extend the system's range of 
interoperability to include systems working with Java code. 



Conclusion 

10. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3937. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Farid Homayounmehr 



11/1/2005 




